After executing the above cde im getting tow session IDs as output because we displat NewID and not Session.SessionID. On replacing NewID with session.sessionid we will find that the id has not changed.

Though we are creating a new session id im not able to set the browsers session id as that new id.

Can you help me with this? I will not get through the AppScan if i dont get this right!

I have used the code provided by you in this article. The Session ID is getting changed successfully. However the Sessions that I have created before this is becoming null. Can you help me to over come this situation.

For Eg:
1. At the Begining the I have created few sessions with the name Session["Name"] , Session["ID"], and let us assume the session id is 01234567890
2. I have changed the Session ID programtically then the session id is 09876543210(Let us assume).
3. After changing the SessionID programatically the session value which I have created earlier is becoming nul..

Thanks for the code. I needed to destroy the old session id once the payment had gone through when using sessionstate = sqlserver. That way if they went back in to buy more it wasn't using the same shop cart. Thanks again.